HP Data Protector Express Multiple Remote Code Execution Vulnerabilities

Bugtraq ID:	52431
Class:	Unknown
CVE:	CVE-2012-0121 CVE-2012-0122 CVE-2012-0123 CVE-2012-0124
Remote:	Yes
Local:	No
Published:	Mar 13 2012 12:00AM
Updated:	Jul 02 2012 08:20AM
Credit:	e6af8de8b1d4b2b6d5ba2610cbf9cd38 and Aaron Portnoy via ZDI and Juan Vazquez via BeyondSecurity.com
Vulnerable:	HP Data Protector Express 6.0.01 0 HP Data Protector Express 6.0.00 0 HP Data Protector Express 5.0.01 0 HP Data Protector Express 5.0.00 0
Not Vulnerable:	HP Data Protector Express 6.0.01 build 13958 0 HP Data Protector Express 6.0.00 build 11974 0 HP Data Protector Express 5.0.01 build 70262 0 HP Data Protector Express 5.0.00 build 59287 0

HP Data Protector Express Multiple Remote Code Execution Vulnerabilities

HP Data Protector Express is prone to multiple code-execution vulnerabilities.

Successfully exploiting these issues allow an attacker to execute arbitrary code with SYSTEM privileges.

HP Data Protector Express versions prior to 5.0.00 build 59287 and prior to 6.0.00 build 11974 are vulnerable.

HP Data Protector Express Multiple Remote Code Execution Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

HP Data Protector Express Multiple Remote Code Execution Vulnerabilities

Solution:
The vendor has released an update. Please see the references for more information.

HP Data Protector Express Multiple Remote Code Execution Vulnerabilities

References:

• HP Homepage (HP)
  
• HPSBMU02746 SSRT100781 (HP)